DBAG invests in cybersecurity tester Bug Bounty Switzerland
Frankfurt am Main — Deutsche Beteiligungs AG (DBAG) has acquired a minority stake in Bug Bounty Switzerland AG (BBS). The investment is part of a long-term participation and is made exclusively with funds from DBAG’s balance sheet. BBS, based in Lucerne, is the Swiss pioneer for ethical hacking, intelligent security testing and the service-as-software model. DBAG, together with lead investor Direttissima Growth Partners, is investing as part of a capital increase, which will be used exclusively for the further growth of the company. Direttissima is a European growth equity investor based in Zurich and Munich with operational scale-up experience in the B2B technology sector.
With the Cyber Resilience Shield security platform, BBS enables its customers to carry out continuous, scalable security assessments of their entire exposed attack surface without internal specialists or fragmented individual solutions. Human+Machine: Bug Bounty Switzerland combines 16,000 experts with AI technology to provide organizations and companies with a strong phalanx against potential cybersecurity risks.
Strategic investment in a fast-growing cybersecurity provider
With its investment in BBS, DBAG is expanding its portfolio to include a profitable, highly scalable provider in the structurally growing cybersecurity market. The company was founded in 2020 by Sandro Nafzger, Florian Badertscher and Lukas Heppler in Lucerne and was built up entirely on its own without external financing. BBS has successfully made the transition from a project-based service model to the Cyber Resilience Shield subscription platform with a high proportion of recurring revenue. BBS now has around 52 customers, including the federal government’s National Cyber Security Center (NCSC) and leading companies in the financial services, defense and critical infrastructure sectors. The founding team continues to hold the majority of shares and plays a key role in shaping the strategic direction.
Investments from balance sheet funds enable long-term partnerships
DBAG’s long-term investment strategy focuses on minority shareholdings for which funds are used exclusively from the company’s own balance sheet. This enables a holding period that extends beyond the usual term of a private equity fund investment and offers greater flexibility in the strategic orientation and growth support of the portfolio companies. To date, DBAG has invested in six other companies as part of this investment strategy, one of which has already been sold in full and another partially.
Intelligent security tests for the AI era
BBS addresses one of the most pressing structural challenges of digitalization: with the increasing use of AI, attack surfaces, attack speed and attack complexity are increasing simultaneously. BBS meets this development with a proprietary service-as-software approach that consistently combines human and machine intelligence: The platform orchestrates over 16,000 vetted ethical hackers and AI agents in a closed loop that continuously models, tests and evaluates each customer’s attack surface. This provides companies with long-term active protection. The decisive competitive advantage lies in the orchestration level, the regulatory workflows and the accumulated institutional testing knowledge. Combined, this is a strategic advantage that is structurally difficult to replicate. In addition, Bug Bounty Switzerland not only offers testing procedures, but above all transparency. Findings are continuously translated into the respective corporate context and the corresponding risk assessments. This means that all relevant demand groups remain capable of acting.
Tom Alzin, CEO, Deutsche Beteiligungs AG, says: “BBS is addressing a market that is getting bigger, not smaller, thanks to AI. The company controls precisely the part of the value chain that no automation has been able to replace so far: the orchestration of the entire security testing program, embedded in the specific context of each customer. The fact that BBS has built up this model completely and profitably on its own is a strong quality feature. We see this as a long-term partnership with considerable potential for added value.”
“BBS combines three things that rarely come together: a differentiated product built on years of proprietary know-how and data, profitable operations from the start without external funding, and a market where continuous cybersecurity testing of best practice is becoming the standard. The team has earned the privilege of redefining and leading this category,” says Philipp Bolliger, Partner at Direttissima Growth Partners.
Growth potential in a structurally growing market
The global market for cybersecurity testing is growing at an annual rate of 25% (USD 14.7 billion in 2024 to an expected USD 43.9 billion in 2029). This is driven by increasing regulation, particularly in the financial services, defense and critical infrastructure sectors, as well as the expansion of attack surfaces due to AI and the structural shift from selective to continuous security solutions. According to a recent market study by Houlihan Lokey, 91% of the companies surveyed plan to increase their spending on cyber security in 2026. Cybersecurity is considered to be one of the areas that will benefit structurally from AI development instead of being disrupted.
“While AI is fundamentally redefining cyber security, organizations need protection that is continuous, intelligent and easy to use. That’s exactly what we’re already delivering to some of Europe’s most security-conscious organizations — and now we’re bringing it to market globally. With the support of Direttissima and DBAG, we are making intelligent security testing the new standard,” says Sandro Nafzger, CEO & Co-Founder of Bug Bounty Switzerland AG.
Internationalization and scaling as the next growth phase
Together with the management and lead investor Direttissima Growth Partners, DBAG plans to professionalize the organization, accelerate growth in Switzerland and develop international markets. In particular, DBAG will contribute its access to the German-speaking and Italian regions and its expertise in scaling high-growth companies.